
Computer Security Seminar: Protect your internet account information

Slides from the Computer Security seminar presented by the Epiphany Technology Committee on 21 April 2014.

Published in: Technology

Transcript of "Computer Security Seminar: Protect your internet account information"

  1. Online Safety & Security April-May 2014 Epiphany Technology Committee Jeff Squyres, Jim Cabral
  2. Clickable links to additional information are included at the end of this presentation
  3. Agenda ● Why Should I Care About Security? ● Who Is Attacking Me? ● What Do I Need to Protect? ● What Can Happen? ● What Increases My Risk? ● How Can I Protect Myself? ● What If I Get Hacked?
  4. Disclaimer ● We’re Just Trying to Help ● Don’t blame us if things go bad ● We’re volunteers (with day jobs)
  5. Why Should I Care About Security? “Just like any other public environment, the Internet requires awareness and caution. Just as you use locks to keep criminals out of your home, you also need safeguards to secure your computer. Many of the crimes that occur in real life are now done - or at least facilitated - through the Internet. Theft, abuse, and more can be and are being done online. Many scammers target older Americans via emails and websites for charitable donations, dating services, auctions, health care, and prescription medications.” US Department of Homeland Security.
  6. The “Heartbleed” bug
  7. The “Heartbleed” bug: Fun facts ● Only 38% of users have changed their passwords ○ 6% have changed all ○ 16% changed “some” ○ 16% changed “a few”
  8. The “Heartbleed” bug ● The Internet depends on encryption ○ “https” → S = secure (encryption) ○ Encryption between computers Encrypted connection
  9. The “Heartbleed” bug ● This encryption is known as “SSL” ○ “Secure Sockets Layer” SSL encrypted connection
  10. The “Heartbleed” bug ● ⅔ of web sites use the same software for SSL ○ OpenSSL SSL encrypted connection OpenSSL
  11. ● Software bug in OpenSSL since March 2012 The “Heartbleed” bug OpenSSL
  12. ● Software bug in OpenSSL since March 2012 The “Heartbleed” bug OpenSSL
  13. The “Heartbleed” bug It’s like walking through a crowded restaurant with a video camera. Joe Smith: your total is $98.17 Here’s my credit card Please log me in; my username is “bobcat371”, my password is “LouCardsRule” You catch snippets of conversations and images. Most aren’t important. But some are.
  14. ● Most web sites have fixed the problem ○ It is now safe to go change all your passwords ● You can’t know if your password was stolen ○ (there was no way to track the guy with the video camera) The “Heartbleed” bug
  15. Who Is Attacking Me? Albert Gonzalez: stole 170M credit / ATM cards from TJ Maxx
  16. Who Is Attacking Me? Nigerian (“419”) scammers Also related: ● Guaranteed loan/credit scams ● Lottery scams ● Overpayment / refund scams ● Disaster relief scams ● Travel scams ● Tech/computer help scams
  17. Who Is Attacking Me? Dating, foreign bride, sex scams
  18. Who Is Attacking Me? State-sponsored
  19. “I’m not important” ● “No one cares about my Facebook account…” ● Wrong ○ They care a lot
  20. “I’m not important” ● They’ll use the same username / password to log in elsewhere ● They’ll impersonate you
  21. What Do I Need to Protect?
  22. What Can Happen?
  23. Identity and Data Theft
  24. Surveillance/Spying
  25. Inappropriate Content Your child
  26. What Increases My Risk?
  27. Poor Passwords ● Simple passwords ● Old or reused passwords ● Lack of 2-factor authentication
  28. “Do I really need a different password on every web site?” Yes (sorry)
  29. “But I can’t remember all those passwords!” ● Use a password-keeper program ● Two good ones: ○ LastPass ○ Dashlane ● Both are “Freemium”
  30. Sidenote: What is 2-factor authentication? 1. Something you know ○ Your password 2. Something you have ○ Your cell phone
  31. Sidenote: What is 2-factor authentication? Login: bobcat371, LouCardsRule
  32. Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 This code changes every time
  33. Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 This code changes every time What’s the code?
  34. Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 bobcat371, code is 998321 This code changes every time
  35. Sidenote: What is 2-factor authentication? You’re logged in!
  36. Why is that useful? Text bobcat371’s phone: code is 796537 Login: bobcat371, LouCardsRule
  37. Why is that useful? Text bobcat371’s phone: code is 796537 What’s the code?
  38. Why is that useful? Text bobcat371’s phone: code is 796537 Uh...
  39. Why is that useful? Text bobcat371’s phone: code is 796537 Uh...
  40. Who supports 2-factor?
  41. Who supports 2-factor? These are only a few Many more support 2-factor authentication Check your favorite web sites to see if they support 2-factor authentication
  42. Back to: What Increases My Risk?
  43. Unpatched Software ● Windows and MacOS ● Applications (PDF, Office) ● Mobile phones, tablets ● Web Servers (Heartbleed) ● Others (Java)
  44. Insecure Configurations ● Software not set to auto-update ● Open home WiFi
  45. “I’m not important” ● “No one cares about my home wifi network” ● Wrong They care a lot
  46. Wifi reaches outside of your home
  47. With protected wifi Your home / wifi Bad guy can’t get in your network
  48. With protected wifi Your home / wifi Bad guy connects from the street -- he’s in your network!
  49. Unprotected wifi “Unprotected wifi is not only like leaving your front door unlocked; it’s like leaving it wide open with a ‘Welcome’ mat out front.”
  50. How Can I Protect Myself?
  51. Use Safe Online Behaviors ● Change ALL your passwords now ○ Use complex, unique passwords for each site ● Avoid suspicious emails, messages, websites and public WiFi ○ If it’s too good to be true, it probably is ● Monitor your credit cards
  52. Get Help to Set Up Security ● Set phones, tablets and computers to auto update ● Back up critical information ● Encrypt your home WiFi (use WPA2)
  53. Get Help to Set Up Security
  54. Get Help to Set Up Security Everyone’s setup is different; we can’t help you in this seminar Get personal or professional help
  55. What If I Get Hacked? Good Response Better Response
  56. Recap ● The internet is a dangerous place ○ BUT IT IS MANAGEABLE! ○ Be sensible, be safe ○ Stop. Think. Connect.
  57. Recap ● You can take actions NOW to protect yourself ○ Change ALL your passwords ■ Use good passwords ■ Get a password keeper ■ Set up 2-factor where possible ○ Ensure your firewall / anti-virus is up to date ○ Upgrade away from Windows XP ○ Set all your software to auto-update ○ Protect your home wifi ○ Set up off-site backups
  58. Questions?
  59. Helpful links ● STOP. THINK. CONNECT.: From the Dept. of Homeland Security ○ http://stopthinkconnect.org ● Malwarebytes: Handy PC software to remove viruses ○ A good second line of defense ○ https://www.malwarebytes.org/ ● LastPass: Password keeper ○ https://lastpass.com/ ○ They also run a Heartbleed checker: https://lastpass.com/heartbleed ● Free annual credit report: From the US government ○ https://www.annualcreditreport.com/ ● XKCD: Simple cartoon showing how Heartbleed works ○ http://imgs.xkcd.com/comics/heartbleed_explanation.png
  60. Helpful links ● OpenDNS: Parental controls for filtering web sites at home ○ http://www.opendns.com/ ● Microsoft Family Safety: ○ https://familysafety.live.com/ ● Reporting Computer Crime: ○ http://www.justice.gov/criminal/cybercrime/reporting.html
  61. Thank you!
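
The two-factor login walked through in slides 30 to 39, as an added Python example that is not part of the original slides: the server checks the password, texts a fresh random code, and accepts that code only once and only for a short time. The class name `TwoFactorLogin`, the `send_sms` callback, the five-minute lifetime and the three-guess limit are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code
MAX_ATTEMPTS = 3         # assumed number of guesses allowed per code


class TwoFactorLogin:
    """Password check followed by a one-time code sent to the user's phone."""

    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(username, code); stands in for an SMS gateway
        self.users = {}            # username -> (salt, password_hash)
        self.pending = {}          # username -> [code, expires_at, attempts_left]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def start_login(self, username, password, now=None):
        """Factor 1, something you know. On success a fresh code is texted."""
        now = time.time() if now is None else now
        record = self.users.get(username)
        if record is None or not hmac.compare_digest(record[1], self._hash(password, record[0])):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # "this code changes every time"
        self.pending[username] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.send_sms(username, code)
        return True

    def finish_login(self, username, submitted, now=None):
        """Factor 2, something you have. The code is single-use and expires."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False               # no code outstanding (never issued, used, or locked out)
        if now > entry[1]:
            del self.pending[username]  # too old: a new login is required
            return False
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self.pending[username]  # a used code cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self.pending[username]  # guess limit reached
        return False
```

Someone who has stolen the password passes `start_login` but fails `finish_login`, because the code only ever reaches the registered phone; that is the "Uh..." on slides 38 and 39.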